PSA 220 (Revised) Auditing Standards and Practices Council Philippine Standard on Auditing 220 (Revised) QUALITY CONTROL FOR AUDITS OF HISTORICAL FINANCIAL INFORMATION Conforming Amendments Glossary of Terms PSA 620, Using the Work of an Expert PAPS 1012, Auditing Derivative Financial Instruments PSA 220 (Revised) PHILIPPINE STANDARD ON AUDITING 220 (REVISED) QUALITY CONTROL FOR AUDITS OF HISTORICAL FINANCIAL INFORMATION (Effective for audits of historical financial information for periods beginning on or after June 15, 2006)* CONTENTS Paragraphs Introduction ……………………………………………………………. 1-4 Definitions ……………………………………………………………... 5 Leadership Responsibilities for Quality on Audits ……………………. 7 Ethical Requirements ………………………………………………….. 8-13 Acceptance and Continuance of Client Relationships and Specific Audit Engagements …………………………………………………... 14-18 Assignment of Engagement Teams ……………………………………. 19-20 Engagement Performance ……………………………………………… 21-40 Monitoring ……………………………………………………………... 41-42 Effective Date ………………………………………………………….. 43-44 Acknowledgment ……………………………………………………… 45-46 Philippine Standard on Auditing (PSA) 220 (Revised), “Quality Control for Audits of Historical Financial Information” should be read in the context of the “Preface to the Philippine Standards on Quality Control, Auditing, Other Assurance and Related Services,” which sets out the application and authority of PSAs. * This PSA and PSQC 1, “Quality Control for Firms that Perform Audits and Reviews of Historical Financial Information, and Other Assurance and Related Services Engagements” gave rise to amendments to the Glossary of Terms, PSA 620, “Using the Work of an Expert,” and PAPS 1012, “Auditing Derivative Financial Information.” These amendments are attached to this PSA. PSA 220, “Quality Control for Audit Work,” approved by the Auditing Standards and Practices Council in 2001 will be withdrawn in June 2006 when PSA 220 (Revised) becomes effective. -2- PSA 220 (Revised) Quality Control for Audits of Historical Financial Information Introduction 1. The purpose of this Philippine Standard on Auditing (PSA) is to establish standards and provide guidance on specific responsibilities of firm personnel regarding quality control procedures for audits of historical financial information, including audits of financial statements. This PSA is to be read in conjunction with Parts A and B of the Code of Ethics for Professional Accountants in the Philippines (the Philippine Code). 2. The engagement team should implement quality control procedures that are applicable to the individual audit engagement. 3. Under Philippine Standard on Quality Control (PSQC) 1, “Quality Control for Firms that Perform Audits and Reviews of Historical Financial Information, and Other Assurance and Related Services Engagements,” a firm has an obligation to establish a system of quality control designed to provide it with reasonable assurance that the firm and its personnel comply with professional standards and regulatory and legal requirements, and that the auditors’ reports issued by the firm or engagement partners are appropriate in the circumstances. 4. Engagement teams: (a) Implement quality control procedures that are applicable to the audit engagement; (b) Provide the firm with relevant information to enable the functioning of that part of the firm’s system of quality control relating to independence; and (c) Are entitled to rely on the firm’s systems (for example in relation to capabilities and competence of personnel through their recruitment and formal training; independence through the accumulation and communication of relevant independence information; maintenance of client relationships through acceptance and continuance systems; and adherence to regulatory and legal requirements through the monitoring process), unless information provided by the firm or other parties suggests otherwise. -3- PSA 220 (Revised) Definitions 5. * In this PSA, the following terms have the meanings attributed below: (a) “Engagement partner” – the partner or other person in the firm who is responsible for the audit engagement and its performance, and for the auditor’s report that is issued on behalf of the firm, and who, where required, has the appropriate authority from a professional, legal or regulatory body; (b) “Engagement quality control review” – a process designed to provide an objective evaluation, before the auditor’s report is issued, of the significant judgments the engagement team made and the conclusions they reached in formulating the auditor’s report; (c) “Engagement quality control reviewer” – a partner, other person in the firm, suitably qualified external person, or a team made up of such individuals, with sufficient and appropriate experience and authority to objectively evaluate, before the auditor’s report is issued, the significant judgments the engagement team made and the conclusions they reached in formulating the auditor’s report; (d) “Engagement team” – all personnel performing an audit engagement, including any experts contracted by the firm in connection with that audit engagement; (e) “Firm” – a sole practitioner, or partnership, or other entity of professional accountants; (f) “Inspection” – in relation to completed audit engagements, procedures designed to provide evidence of compliance by engagement teams with the firm’s quality control policies and procedures; (g) “Listed entity”*. – an entity whose shares, stock or debt are quoted or listed on a recognized stock exchange, or are marketed under the regulations of a recognized stock exchange or other equivalent body; (h) “Monitoring” – a process comprising an ongoing consideration and evaluation of the firm’s system of quality control, including a periodic inspection of a selection of completed engagements, designed to enable the firm to obtain reasonable assurance that its system of quality control is operating effectively; As defined in the Philippine Code published in January 2004. -4- PSA 220 (Revised) (i) “Network firm”*. – an entity under common control, ownership or management with the firm or any entity that a reasonable and informed third party having knowledge of all relevant information would reasonably conclude as being part of the firm nationally or internationally; (j) “Partner” – any individual with authority to bind the firm with respect to the performance of a professional services engagement; (k) “Personnel” – partners and staff; (l) “Professional standards” – ASPC Engagement Standards, as defined in the ASPC’s “Preface to the Philippine Standards on Quality Control, Auditing, Assurance and Related Services,” and relevant ethical requirements, which ordinarily comprise Parts A and B of the Philippine Code; (m) “Reasonable assurance” – in the context of this PSA, a high, but not absolute, level of assurance; (n) “Staff” – professionals, other than partners, including any experts the firm employs; and (o) “Suitably qualified external person” – an individual outside the firm with the capabilities and competence to act as an engagement partner, for example a partner of another firm, or an employee (with appropriate experience) of either a professional accountancy body whose members may perform audits of historical financial information or of an organization that provides relevant quality control services. Leadership Responsibilities for Quality on Audits 6. The engagement partner should take responsibility for the overall quality on each audit engagement to which that partner is assigned. 7. The engagement partner sets an example regarding audit quality to the other members of the engagement team through all stages of the audit engagement. Ordinarily, this example is provided through the actions of the engagement partner and through appropriate messages to the engagement team. Such actions and messages emphasize: (a) The importance of: (i) Performing work that complies with professional standards and regulatory and legal requirements; -5- (ii) PSA 220 (Revised) Complying with the firm’s quality control policies and procedures as applicable; and (iii) Issuing auditor’s reports that are appropriate in the circumstances; and (b) The fact that quality is essential in performing audit engagements. Ethical Requirements 8. The engagement partner should consider whether members of the engagement team have complied with ethical requirements. 9. Ethical requirements relating to audit engagements comprise Parts A and B of the Philippine Code. The Philippine Code establishes the fundamental principles of professional ethics, which include: (a) Integrity; (b) Objectivity; (c) Professional competence and due care; (d) Confidentiality; and (e) Professional behavior. 10. The engagement partner remains alert for evidence of non-compliance with ethical requirements. Inquiry and observation regarding ethical matters amongst the engagement partner and other members of the engagement team occur as necessary throughout the audit engagement. If matters come to the engagement partner’s attention through the firm’s systems or otherwise that indicate that members of the engagement team have not complied with ethical requirements, the partner, in consultation with others in the firm, determines the appropriate action. 11. The engagement partner and, where appropriate, other members of the engagement team, document issues identified and how they were resolved. Independence 12. The engagement partner should form a conclusion on compliance with independence requirements that apply to the audit engagement. In doing so, the engagement partner should: -6- 13. PSA 220 (Revised) (a) Obtain relevant information from the firm and, where applicable, network firms, to identify and evaluate circumstances and relationships that create threats to independence; (b) Evaluate information on identified breaches, if any, of the firm’s independence policies and procedures to determine whether they create a threat to independence for the audit engagement; (c) Take appropriate action to eliminate such threats or reduce them to an acceptable level by applying safeguards. The engagement partner should promptly report to the firm any failure to resolve the matter for appropriate action; and (d) Document conclusions on independence and any relevant discussions with the firm that support these conclusions. The engagement partner may identify a threat to independence regarding the audit engagement that safeguards may not be able to eliminate or reduce to an acceptable level. In that case, the engagement partner consults within the firm to determine appropriate action, which may include eliminating the activity or interest that creates the threat, or withdrawing from the audit engagement. Such discussion and conclusions are documented. Acceptance and Continuance of Client Relationships and Specific Audit Engagements 14. The engagement partner should be satisfied that appropriate procedures regarding the acceptance and continuance of client relationships and specific audit engagements have been followed, and that conclusions reached in this regard are appropriate and have been documented. 15. The engagement partner may or may not initiate the decision-making process for acceptance or continuance regarding the audit engagement. Regardless of whether the engagement partner initiated that process, the partner determines whether the most recent decision remains appropriate. 16. Acceptance and continuance of client relationships and specific audit engagements include considering: • The integrity of the principal owners, key management and those charged with governance of the entity; • Whether the engagement team is competent to perform the audit engagement and has the necessary time and resources; and -7- • PSA 220 (Revised) Whether the firm and the engagement team can comply with ethical requirements. Where issues arise out of any of these considerations, the engagement team conducts the appropriate consultations set out in paragraphs 30-33, and documents how issues were resolved. 17. Deciding whether to continue a client relationship includes consideration of significant matters that have arisen during the current or previous audit engagement, and their implications for continuing the relationship. For example, a client may have started to expand its business operations into an area where the firm does not possess the necessary knowledge or expertise. 18. Where the engagement partner obtains information that would have caused the firm to decline the audit engagement if that information had been available earlier, the engagement partner should communicate that information promptly to the firm, so that the firm and the engagement partner can take the necessary action. Assignment of Engagement Teams 19. The engagement partner should be satisfied that the engagement team collectively has the appropriate capabilities, competence and time to perform the audit engagement in accordance with professional standards and regulatory and legal requirements, and to enable an auditor’s report that is appropriate in the circumstances to be issued. 20. The appropriate capabilities and competence expected of the engagement team as a whole include the following: • An understanding of, and practical experience with, audit engagements of a similar nature and complexity through appropriate training and participation. • An understanding of professional standards and regulatory and legal requirements. • Appropriate technical knowledge, including knowledge of relevant information technology. • Knowledge of relevant industries in which the client operates. • Ability to apply professional judgment. • An understanding of the firm’s quality control policies and procedures. -8- PSA 220 (Revised) Engagement Performance 21. The engagement partner should take responsibility for the direction, supervision and performance of the audit engagement in compliance with professional standards and regulatory and legal requirements, and for the auditor’s report that is issued to be appropriate in the circumstances. 22. The engagement partner directs the audit engagement by informing the members of the engagement team of: (a) Their responsibilities; (b) The nature of the entity’s business; (c) Risk-related issues; (d) Problems that may arise; and (e) The detailed approach to the performance of the engagement. The engagement team’s responsibilities include maintaining an objective state of mind and an appropriate level of professional skepticism, and performing the work delegated to them in accordance with the ethical principle of due care. Members of the engagement team are encouraged to raise questions with more experienced team members. Appropriate communication occurs within the engagement team. 23. It is important that all members of the engagement team understand the objectives of the work they are to perform. Appropriate team-working and training are necessary to assist less experienced members of the engagement team to clearly understand the objectives of the assigned work. 24. Supervision includes the following: • Tracking the progress of the audit engagement. • Considering the capabilities and competence of individual members of the engagement team, whether they have sufficient time to carry out their work, whether they understand their instructions, and whether the work is being carried out in accordance with the planned approach to the audit engagement. -9- 25. PSA 220 (Revised) • Addressing significant issues arising during the audit engagement, considering their significance and modifying the planned approach appropriately. • Identifying matters for consultation or consideration by more experienced engagement team members during the audit engagement. Review responsibilities are determined on the basis that more experienced team members, including the engagement partner, review work performed by less experienced team members. Reviewers consider whether: (a) The work has been performed in accordance with professional standards and regulatory and legal requirements; (b) Significant matters have been raised for further consideration; (c) Appropriate consultations have taken place and the resulting conclusions have been documented and implemented; (d) There is a need to revise the nature, timing and extent of work performed; (e) The work performed supports the conclusions reached and is appropriately documented; (f) The evidence obtained is sufficient and appropriate to support the auditor’s report; and (g) The objectives of the engagement procedures have been achieved. 26. Before the auditor’s report is issued, the engagement partner, through review of the audit documentation and discussion with the engagement team, should be satisfied that sufficient appropriate audit evidence has been obtained to support the conclusions reached and for the auditor’s report to be issued. 27. The engagement partner conducts timely reviews at appropriate stages during the engagement. This allows significant matters to be resolved on a timely basis to the engagement partner’s satisfaction before the auditor’s report is issued. The reviews cover critical areas of judgment, especially those relating to difficult or contentious matters identified during the course of the engagement, significant risks, and other areas the engagement partner considers important. The engagement partner need not review all audit documentation. However, the partner documents the extent and timing of the reviews. Issues arising from the reviews are resolved to the satisfaction of the engagement partner. - 10 - PSA 220 (Revised) 28. A new engagement partner taking over an audit during the engagement reviews the work performed to the date of the change. The review procedures are sufficient to satisfy the new engagement partner that the work performed to the date of the review has been planned and performed in accordance with professional standards and regulatory and legal requirements. 29. Where more than one partner is involved in the conduct of an audit engagement, it is important that the responsibilities of the respective partners are clearly defined and understood by the engagement team. Consultation 30. The engagement partner should: (a) Be responsible for the engagement team undertaking appropriate consultation on difficult or contentious matters; (b) Be satisfied that members of the engagement team have undertaken appropriate consultation during the course of the engagement, both within the engagement team and between the engagement team and others at the appropriate level within or outside the firm; (c) Be satisfied that the nature and scope of, and conclusions resulting from, such consultations are documented and agreed with the party consulted; and (d) Determine that conclusions resulting from consultations have been implemented. 31. Effective consultation with other professionals requires that those consulted be given all the relevant facts that will enable them to provide informed advice on technical, ethical or other matters. Where appropriate, the engagement team consults individuals with appropriate knowledge, seniority and experience within the firm or, where applicable, outside the firm. Conclusions resulting from consultations are appropriately documented and implemented. 32. It may be appropriate for the engagement team to consult outside the firm, for example, where the firm lacks appropriate internal resources. They may take advantage of advisory services provided by other firms, professional and regulatory bodies, or commercial organizations that provide relevant quality control services. - 11 - 33. PSA 220 (Revised) The documentation of consultations with other professionals that involve difficult or contentious matters is agreed by both the individual seeking consultation and the individual consulted. The documentation is sufficiently complete and detailed to enable an understanding of: (a) The issue on which consultation was sought; and (b) The results of the consultation, including any decisions taken, the basis for those decisions and how they were implemented. Differences of Opinion 34. Where differences of opinion arise within the engagement team, with those consulted and, where applicable, between the engagement partner and the engagement quality control reviewer, the engagement team should follow the firm’s policies and procedures for dealing with and resolving differences of opinion. 35. As necessary, the engagement partner informs members of the engagement team that they may bring matters involving differences of opinion to the attention of the engagement partner or others within the firm as appropriate without fear of reprisals. Engagement Quality Control Review 36. For audits of financial statements of listed entities, the engagement partner should: (a) Determine that an engagement quality control reviewer has been appointed; (b) Discuss significant matters arising during the audit engagement, including those identified during the engagement quality control review, with the engagement quality control reviewer; and (c) Not issue the auditor’s report until the completion of the engagement quality control review. For other audit engagements where an engagement quality control review is performed, the engagement partner follows the requirements set out in subparagraphs (a) to (c). - 12 - PSA 220 (Revised) 37. Where, at the start of the engagement, an engagement quality control review is not considered necessary, the engagement partner is alert for changes in circumstances that would require such a review. 38. An engagement quality control review should include an objective evaluation of: (a) The significant judgments made by the engagement team; and (b) The conclusions reached in formulating the auditor’s report. 39. An engagement quality control review ordinarily involves discussion with the engagement partner, a review of the financial information and the auditor’s report, and, in particular, consideration of whether the auditor’s report is appropriate. It also involves a review of selected audit documentation relating to the significant judgments the engagement team made and the conclusions they reached. The extent of the review depends on the complexity of the audit engagement and the risk that the auditor’s report might not be appropriate in the circumstances. The review does not reduce the responsibilities of the engagement partner. 40 An engagement quality control review for audits of financial statements of listed entities includes considering the following: • The engagement team’s evaluation of the firm’s independence in relation to the specific audit engagement. • Significant risks identified during the engagement (in accordance with PSA 315, “Understanding the Entity and its Environment and Assessing the Risks of Material Misstatement”), and the responses to those risks (in accordance with PSA 325, “Auditor’s Procedures in Response to Assessed Risks”), including the engagement team’s assessment of, and response to, the risk of fraud. • Judgments made, particularly with respect to materiality and significant risks. • Whether appropriate consultation has taken place on matters involving differences of opinion or other difficult or contentious matters, and the conclusions arising from those consultations. • The significance and disposition of corrected and uncorrected misstatements identified during the audit. - 13 - PSA 220 (Revised) • The matters to be communicated to management and those charged with governance and, where applicable, other parties such as regulatory bodies. • Whether audit documentation selected for review reflects the work performed in relation to the significant judgments and supports the conclusions reached. • The appropriateness of the auditor’s report to be issued. Engagement quality control reviews for audits of historical financial information other than audits of financial statements of listed entities may, depending on the circumstances, include some or all of these considerations. Monitoring 41. 42. PSQC 1 requires the firm to establish policies and procedures designed to provide it with reasonable assurance that the policies and procedures relating to the system of quality control are relevant, adequate, operating effectively and complied with in practice. The engagement partner considers the results of the monitoring process as evidenced in the latest information circulated by the firm and, if applicable, other network firms. The engagement partner considers: (a) Whether deficiencies noted in that information may affect the audit engagement; and (b) Whether the measures the firm took to rectify the situation are sufficient in the context of that audit. A deficiency in the firm’s system of quality control does not indicate that a particular audit engagement was not performed in accordance with professional standards and regulatory and legal requirements, or that the auditor’s report was not appropriate. Effective Date 43. This PSA 220 (Revised) is effective for audits of historical financial information for periods commencing on or after June 15, 2006. 44. PSA 220, “Quality Control for Audit Work,” approved by the Auditing Standards and Practices Council in 2001 will be withdrawn in June 2006 when PSA 220 (Revised) becomes effective. - 14 - PSA 220 (Revised) Acknowledgment 45. This PSA is based on International Standard on Auditing (ISA) 220 (Revised), “Quality Control for Audits of Historical Financial Information,” issued by the International Auditing and Assurance Standards Board. 46. There are no significant differences between this PSA and ISA 220 (Revised) except for the deletion of paragraphs 2 and 4 under Public Sector Perspective. Public Sector Perspective 1. Some of the terms in the PSA, such as “engagement partner” and “firm,” should be read as referring to their public sector equivalents. However with limited exceptions, there is no public sector equivalent of “listed entities,” although there may be audits of particularly significant public sector entities which should be subject to the listed entity requirements of mandatory rotation of the engagement partner (or equivalent) and engagement quality control review. There are no fixed objective criteria on which this determination of significance should be based. However, such an assessment should encompass an evaluation of all factors relevant to the audited entity. Such factors include size, complexity, commercial risk, parliamentary or media interest and the number and range of stakeholders affected. 2. [This paragraph does not apply in the Philippines and is therefore not used.] 3. In the public sector, auditors are appointed in accordance with statutory procedures. Accordingly, certain of the considerations regarding the acceptance and continuance of client relationships and specific engagements, as set out in paragraphs 16-17 of this PSA, may not be relevant. Deleted: However, in many jurisdictions there is a single statutorily appointed auditor-general who acts in a role equivalent to that of “engagement partner” and who has overall responsibility for public sector audits. In such circumstances, where applicable, the engagement reviewer should be selected having regard to the need for independence and objectivity. - 15 - PSA 220 (Revised) 4. [This paragraph does not apply in the Philippines and is therefore not used.] 5. Paragraph 20 sets out capabilities and competence expected of the engagement team. Additional capabilities may be required in public sector audits, dependent upon the terms of the mandate in a particular jurisdiction. Such additional capabilities may include an understanding of the applicable reporting arrangements, including reporting to a representative body, for example, the President, Congress or in the public interest. The wider scope of a public sector audit may include, for example, some aspects of performance auditing or a comprehensive assessment of the arrangements for ensuring legality and preventing and detecting fraud and corruption. Deleted: Similarly, the independence of public sector auditors may be protected by statutory measures. However, public sector auditors or audit firms carrying out public sector audits on behalf of the statutory auditor may, depending on the terms of the mandate in a particular jurisdiction, need to adapt their approach in order to ensure compliance with the spirit of paragraphs 12 and 13. This may include, where the public sector auditor’s mandate does not permit withdrawal from the engagement, disclosure through a public report, of circumstances that have arisen that would, if they were in the private sector, lead the auditor to withdraw. - 16 - PSA 220 (Revised) This PSA 220 (Revised) was unanimously approved for adoption in the Philippines on February 21, 2005 by the members of the Auditing Standards and Practices Council: Benjamin R. Punongbayan, Chairman Antonio P. Acyatan, Vice Chairman Felicidad A. Abad David L. Balangue Eliseo A. Fernandez Nestorio C. Roraldo Joaquin P. Tolentino Editha O. Tuason Joycelyn J. Villaflores Horace F. Dumlao Ester F. Ledesma Manuel O. Faustino Erwin Vincent G. Alcala Froilan G. Ampil Eugene T. Mateo Flerida V. Creencia Roberto G. Manabat - 17 - PSA 220 (Revised) Amendments to the Glossary of Terms, PSA 620 and PAPS 1012 as a Result of PSQC 1 and PSA 220 (Revised) Effective Dates Systems of quality control in compliance with Philippine Standard on Quality Control (PSQC) 1, “Quality Control for Firms that Perform Audits and Reviews of Historical Financial Information, and Other Assurance and Related Services Engagements” are required to be established by June 15, 2006. Philippine Standard on Auditing (PSA) 220 (Revised), “Quality Control for Audits of Historical Financial Information” is effective for audits of historical financial information for periods commencing on or after June 15, 2006. Glossary of Terms Quality controls—As set out in PSQC 1, “Quality Control for Firms that Perform Audits and Reviews of Historical Financial Information, and Other Assurance and Related Services Engagements,” tThe policies and procedures adopted by a firm designed to provide it with reasonable assurance that all audits done by the firm and its personnel comply with professional standards and regulatory and legal requirements, and that reports issued by the firm or engagement partners are appropriate in the circumstances are being carried out in accordance with the Objective and General Principles Governing an Audit of Financial Statements, as set out in International Standard on Auditing 220 “Quality Control for Audit Work.” PSA 620, “Using the Work of an Expert” 5. An expert may be: (a) Contracted Engaged by the entity; (b) Contracted Engaged by the auditor; (c) Employed by the entity; or (d) Employed by the auditor. When the auditor uses the work of an expert employed by the audit firm, the auditor will be able to rely on the firm’s systems for recruitment and training that determine that expert’s capabilities and competence, as explained in PSA 220 (Revised), “Quality Control for Audits of Historical Financial Information” instead of needing to evaluate them for each audit engagement auditor, that work is used in the employee’s capacity as an expert rather than as an assistant on the audit as contemplated in PSA 220, “Quality Control for Audit Work.” Accordingly, in such circumstances the - 18 - PSA 220 (Revised) auditor will need to apply relevant procedures to the employee’s work and findings but will not ordinarily need to assess for each engagement the employee’s skills and competence. PAPS 1012, “Auditing Derivative Financial Instruments” 15. Members of the engagement team may have the necessary skill and knowledge to plan and perform auditing procedures related to derivatives transactions. Alternatively, the auditor may decide to seek the assistance of an expert outside the firm, with the necessary skills or knowledge to plan and perform the auditing procedures, especially when the derivatives are very complex, or when simple derivatives are used in complex situations, the entity is engaged in active trading of derivatives, or the valuation of the derivatives are based on complex pricing models. PSA 220 (Revised), “Quality Control for Audits Work of Historical Financial Information,” provides guidance on the supervision of individuals who serve as members of the engagement team and assist the auditor in planning and performing auditing procedures. PSA 620, “Using the Work of an Expert,” provides guidance on the use of an expert’s work as audit evidence.